High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
Vendor -- Product: 4mosan -- gcb_doctor
Description: 4MOSAn GCB Doctor's login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files.
Published: 2021-11-19
Source & Patch Info: CVE-2021-42338, CONFIRM

Vendor -- Product: adobe -- creative_cloud_desktop_application
Description: Adobe Creative Cloud version 5.5 (and earlier) is affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability.
Published: 2021-11-23
CVSS Score: 9.3
Source & Patch Info: CVE-2021-43019, MISC, MISC

Vendor -- Product: adobe -- incopy
Description: Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-22
Source & Patch Info: CVE-2021-43015, MISC

Vendor -- Product: adobe -- prelude
Description: Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-22
Source & Patch Info: CVE-2021-42738, MISC

Vendor -- Product: asus -- gt-ax11000_firmware
Description: An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series (RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet.
Published: 2021-11-19
CVSS Score: 7.8
Source & Patch Info: CVE-2021-41436, MISC

Vendor -- Product: asus -- gt-ax11000_firmware
Description: A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series (RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
Published: 2021-11-19
CVSS Score: 10.0
Source & Patch Info: MISC
Vendor -- Product: beyondtrust -- privilege_management_for_windows
Description: BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.
Published: 2021-11-19
Source & Patch Info: CVE-2021-42254, MISC, MISC

Vendor -- Product: c-ares_project -- c-ares
Description: A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
Published: 2021-11-23
Source & Patch Info: CVE-2021-3672, MISC, MISC

Vendor -- Product: dell -- cloudlink
Description: Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system.
Published: 2021-11-23
Source & Patch Info: CVE-2021-36312, CONFIRM

Vendor -- Product: dell -- cloudlink
Description: Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
Published: 2021-11-23
Source & Patch Info: CVE-2021-36313, CONFIRM

Vendor -- Product: dell -- emc_cloud_link
Description: Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system.
Published: 2021-11-23
Source & Patch Info: CVE-2021-36314, CONFIRM

Vendor -- Product: dell -- networking_os10
Description: Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system.
Published: 2021-11-20
Source & Patch Info: CVE-2021-36307, MISC

Vendor -- Product: dell -- networking_os10
Description: Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.
Published: 2021-11-20
Source & Patch Info: CVE-2021-36308, MISC

Vendor -- Product: dell -- networking_os10
Description: Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.
Published: 2021-11-20
Source & Patch Info: CVE-2021-36306, MISC

Vendor -- Product: dell -- x1008p_firmware
Description: Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID.
Published: 2021-11-20
Source & Patch Info: CVE-2021-36320, MISC

Vendor -- Product: duplicate_post_project -- duplicate_post
Description: The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it is also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators; however, the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles.
Published: 2021-11-19
Source & Patch Info: CVE-2021-43408, MISC, MISC

Vendor -- Product: gerbv_project -- gerbv
Description: An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Published: 2021-11-19
Source & Patch Info: CVE-2021-40391, MISC

Vendor -- Product: huawei -- cloudengine_5800_firmware
Description: There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.
Published: 2021-11-23
Source & Patch Info: CVE-2021-39976, MISC
Vendor -- Product: huawei -- fusioncompute
Description: There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0.
Published: 2021-11-23
Source & Patch Info: CVE-2021-37102, MISC

Vendor -- Product: ibm -- planning_analytics
Description: IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396.
Published: 2021-11-24
CVSS Score: 9.3
Source & Patch Info: CVE-2021-38873, CONFIRM, XF

Vendor -- Product: iptime -- c200_firmware
Description: ius_get.cgi in ipTime C200 camera allows remote code execution. A remote attacker may send crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command.
Published: 2021-11-22
CVSS Score: 10.0
Source & Patch Info: CVE-2021-26614, MISC

Vendor -- Product: isync_project -- isync
Description: A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
Published: 2021-11-22
Source & Patch Info: MISC, MISC

Vendor -- Product: moodle -- moodle
Description: A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.
Published: 2021-11-22
Source & Patch Info: CVE-2021-3943, MISC, MISC

Vendor -- Product: nvidia -- geforce_gt_605
Description: NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to instantiate a specifically timed DMA write to corrupt code execution, which may impact confidentiality, integrity, or availability.
Published: 2021-11-20
CVSS Score: 7.2
Source & Patch Info: CVE-2021-23217, CONFIRM

Vendor -- Product: nvidia -- geforce_gtx_950
Description: NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller which may allow a user with elevated privileges to generate valid microcode. This could lead to information disclosure, data corruption, or denial of service of the device.
Published: 2021-11-20
CVSS Score: 7.2
Source & Patch Info: CVE-2021-23201, CONFIRM

Vendor -- Product: oisf -- suricata
Description: Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.
Published: 2021-11-19
CVSS Score: 7.5
Source & Patch Info: CONFIRM, CONFIRM

Vendor -- Product: pulsesecure -- pulse_connect_secure
Description: A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to cause a denial of service when a malformed request is sent to the device.
Published: 2021-11-19
CVSS Score: 7.8

Vendor -- Product: quagga -- quagga
Description: An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
Published: 2021-11-19
CVSS Score: 7.2
Source & Patch Info: CVE-2021-44038, MISC, MISC

Vendor -- Product: roundcube -- webmail
Description: Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
Published: 2021-11-19
CVSS Score: 7.5
Source & Patch Info: CVE-2021-44026, MISC, MISC, FEDORA, FEDORA, DEBIAN

Vendor -- Product: sharetribe -- sharetribe
Description: Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go that do not have a secret AWS Simple Notification Service (SNS) notification token configured via the `sns_notification_token` configuration parameter. This configuration parameter is unset by default. The vulnerability has been patched in version 10.2.1. Users who are unable to upgrade should set the `sns_notification_token` configuration parameter to a secret value.
Published: 2021-11-19
Source & Patch Info: MISC, MISC

Vendor -- Product: vim -- vim
Description: vim is vulnerable to Heap-based Buffer Overflow
Published: 2021-11-19
Source & Patch Info: CVE-2021-3968, FEDORA

Vendor -- Product: vim -- vim
Description: vim is vulnerable to Heap-based Buffer Overflow
Published: 2021-11-19
CVSS Score: 9.3
Source & Patch Info: CVE-2021-3973, MISC, CONFIRM, FEDORA

Vendor -- Product: wazuh -- wazuh
Description: In the wazuh-slack active response script in Wazuh before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution.
Published: 2021-11-22
CVSS Score: 7.5
Source & Patch Info: CVE-2021-44079, MISC, MISC
Vendor -- Product: wpwave -- hide_my_wp
Description: The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible.
Published: 2021-11-24
CVSS Score: 7.5
Source & Patch Info: CVE-2021-36916, CONFIRM, MISC, MISC

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
Vendor -- Product: adobe -- audition
Description: Adobe Audition version 14.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2021-11-19
Source & Patch Info: CVE-2021-36003, MISC

Vendor -- Product: adobe -- incopy
Description: Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2021-11-22
Source & Patch Info: CVE-2021-43016, MISC

Vendor -- Product: adobe -- prelude
Description: Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-22
Source & Patch Info: CVE-2021-40775, MISC

Vendor -- Product: adobe -- prelude
Description: Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MAA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-22
Source & Patch Info: CVE-2021-40770, MISC

Vendor -- Product: adobe -- prelude
Description: Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-22
Source & Patch Info: CVE-2021-42737, MISC

Vendor -- Product: adobe -- prelude
Description: Adobe Prelude version 10.1 (and earlier) is affected by an improper input validation vulnerability in the XDCAMSAM directory. An unauthenticated attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2021-11-22
Source & Patch Info: CVE-2021-42733, MISC

Vendor -- Product: adobe -- prelude
Description: Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MAA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-22
Source & Patch Info: CVE-2021-40772, MISC

Vendor -- Product: adobe -- prelude
Description: Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2021-11-22
Source & Patch Info: CVE-2021-40774, MISC

Vendor -- Product: adobe -- prelude
Description: Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2021-11-22
Source & Patch Info: CVE-2021-40773, MISC

Vendor -- Product: adobe -- prelude
Description: Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-22
Source & Patch Info: CVE-2021-40771, MISC

Vendor -- Product: adobe -- robohelp_server
Description: Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected by a Path traversal vulnerability. The authenticated attacker can upload arbitrary files outside of the intended directory to cause remote code execution with privileges of user running Tomcat. Exploitation of this issue requires user interaction in that a victim must navigate to a planted file on the server.
Published: 2021-11-22
Source & Patch Info: CVE-2021-42727, MISC

Vendor -- Product: algolia -- algoliasearch-helper
Description: The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js SearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns.
Published: 2021-11-19
Source & Patch Info: CVE-2021-23433, MISC, MISC, MISC

Vendor -- Product: apache -- apisix
Description: The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains "/internal/", a URI like `//internal` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer's custom plugin.
Published: 2021-11-22
Source & Patch Info: CVE-2021-43557, MISC, MLIST, MLIST, MLIST

Vendor -- Product: cisco -- common_services_platform_collector
Description: A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC.
Published: 2021-11-19
Source & Patch Info: CVE-2021-40130, CISCO

Vendor -- Product: cisco -- common_services_platform_collector
Description: A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database.
Published: 2021-11-19
Source & Patch Info: CVE-2021-40129, CISCO

Vendor -- Product: claris -- filemaker_pro
Description: An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.
Published: 2021-11-22
Source & Patch Info: CVE-2021-44147, MISC, MISC

Vendor -- Product: concretecms -- concrete_cms
Description: A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration. To fix this, a check for allowed file extensions was added before downloading files to a tmp directory. Concrete CMS Security Team gave this a CVSS v3.1 score of 5.4 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N. This fix is also in Concrete version 9.0.0.
Published: 2021-11-19
Source & Patch Info: CVE-2021-22968, MISC, MISC

Vendor -- Product: concretecms -- concrete_cms
Description: Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered. For version 8.5.6, the following mitigations were put in place: a. restricting file types for view_inline to images only; b. putting a warning in the file manager to advise users. Credit for discovery: "Solar Security Research Team". Concrete CMS security team CVSS scoring is 5.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This fix is also in Concrete version 9.0.0.
Published: 2021-11-19
Source & Patch Info: CVE-2021-22951, MISC, MISC

Vendor -- Product: concretecms -- concrete_cms
Description: In Concrete CMS (formerly concrete5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation. To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message". Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. Credit for discovery: Adrian H
Published: 2021-11-19
Source & Patch Info: CVE-2021-22967, MISC, MISC

Vendor -- Product: concretecms -- concrete_cms
Description: Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys. To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS. Discoverer: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/). The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N. Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider's best practices. This fix is also in Concrete version 9.0.0.
Published: 2021-11-19
Source & Patch Info: CVE-2021-22969, MISC, MISC

Vendor -- Product: concretecms -- concrete_cms
Description: Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable to a. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network apps and b. SSRF Mitigation Bypass through DNS Rebinding. Concrete CMS security team gave this a CVSS score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N. Concrete CMS is maintaining Concrete version 8.5.x until 1 May 2022 for security fixes. This CVE is shared with HackerOne Reports https://hackerone.com/reports/1364797 and https://hackerone.com/reports/1360016. Reporters: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/) and Bipul Jaiswal.
Published: 2021-11-19
Source & Patch Info: CVE-2021-22970, MISC, MISC, MISC

Vendor -- Product: concretecms -- concrete_cms
Description: Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group permissions before allowing a group to be moved. Concrete CMS Security team CVSS scoring: 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H. Credit for discovery: "Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/)". This fix is also in Concrete version 9.0.0.
Published: 2021-11-19
Source & Patch Info: CVE-2021-22966, MISC, MISC

Vendor -- Product: crocontrol -- asterix
Description: Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.
Published: 2021-11-22
Source & Patch Info: CVE-2021-44144, MISC

Vendor -- Product: delitestudio -- push_notifications_for_wordpress_lite
Description: Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page.
Published: 2021-11-24
Source & Patch Info: CVE-2021-20846, MISC, MISC, MISC

Vendor -- Product: dell -- emc_cloud_link
Description: Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine.
Published: 2021-11-23
Source & Patch Info: CVE-2021-36334, CONFIRM

Vendor -- Product: dell -- emc_cloud_link
Description: Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites.
Published: 2021-11-23
Source & Patch Info: CVE-2021-36332, CONFIRM

Vendor -- Product: dell -- emc_cloud_link
Description: Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, leading to execution of arbitrary files on the server.
Published: 2021-11-23
Source & Patch Info: CVE-2021-36335, CONFIRM

Vendor -- Product: dell -- emc_idrac9_firmware
Description: Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application.
Published: 2021-11-23
Source & Patch Info: CVE-2021-36299, CONFIRM

Vendor -- Product: dell -- emc_idrac9_firmware
Description: iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure.
Published: 2021-11-23
Source & Patch Info: CVE-2021-36300, CONFIRM

Vendor -- Product: dell -- emc_networker
Description: Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.
Published: 2021-11-23
Source & Patch Info: CVE-2021-36311, CONFIRM

Vendor -- Product: dell -- networking_os10
Description: Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.
Published: 2021-11-20
Source & Patch Info: CVE-2021-36310, MISC
Vendor -- Product: dell -- x1008p_firmware
Description: Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections.
Published: 2021-11-20
CVSS Score: 5.8
Source & Patch Info: CVE-2021-36322, MISC

Vendor -- Product: dell -- x1008p_firmware
Description: Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service.
CVSS Score: 5.0
Source & Patch Info: CVE-2021-36321, MISC

Vendor -- Product: easyregistrationforms -- easy_registration_forms
Description: The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1.
Published: 2021-11-19
CVSS Score: 6.8
Source & Patch Info: CVE-2021-39353, MISC, MISC

Vendor -- Product: ec-cube -- ec-cube
Description: Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.
Published: 2021-11-24
CVSS Score: 4.3
Source & Patch Info: MISC

Vendor -- Product: ec-cube -- ec-cube
Description: Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.
Published: 2021-11-24
Source & Patch Info: MISC

Vendor -- Product: feataholic -- maz_loader
Description: The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack.
Published: 2021-11-23
CVSS Score: 4.3
Source & Patch Info: CVE-2021-24668, MISC

Vendor -- Product: google -- chrome
Description: Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.
Published: 2021-11-23
CVSS Score: 6.8
Source & Patch Info: MISC

Vendor -- Product: google -- chrome
Description: Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Published: 2021-11-23
CVSS Score: 4.3
Source & Patch Info: CVE-2021-38004, MISC, MISC

Vendor -- Product: google -- chrome
Description: Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2021-11-23
CVSS Score: 6.8
Source & Patch Info: CVE-2021-37998, MISC, MISC

Vendor -- Product: google -- chrome
Description: Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
Published: 2021-11-23
CVSS Score: 4.3
Source & Patch Info: CVE-2021-37999, MISC, MISC

Vendor -- Product: google -- chrome
Description: Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2021-11-23
CVSS Score: 6.8
Source & Patch Info: CVE-2021-38003, MISC, MISC

Vendor -- Product: google -- chrome
Description: Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Published: 2021-11-23
CVSS Score: 6.8
Source & Patch Info: CVE-2021-38002, MISC, MISC

Vendor -- Product: google -- chrome
Description: Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2021-11-23
CVSS Score: 6.8
Source & Patch Info: CVE-2021-38001, MISC, MISC

Vendor -- Product: google -- chrome
Description: Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML page.
Published: 2021-11-23
CVSS Score: 5.8
Source & Patch Info: MISC

Vendor -- Product: greenplum -- greenplum
Description: In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability.
Published: 2021-11-19
CVSS Score: 6.4
Source & Patch Info: CVE-2021-22028, MISC

Vendor -- Product: greenplum -- greenplum
Description: In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive (credential) information in the logs of the database. A malicious user with access to logs can read sensitive (credentials) information about users.
Published: 2021-11-19
CVSS Score: 4.0
Source & Patch Info: MISC

Vendor -- Product: hancom -- anysign4pc
Description: Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters (i.e. '../../../').
CVSS Score: 8.4
Source & Patch Info: CVE-2020-7882, MISC

Vendor -- Product: ibm -- mq
Description: IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.
Published: 2021-11-23
CVSS Score: 4.0
Source & Patch Info: CVE-2021-38875, XF, CONFIRM
https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2fe582b 





7/25 


12/2/21, 8:19 AM 


Vulnerability Summary for the Week of November 22, 2021 
































































































































/moddable/xs/sources/xsDebug.c. 

















MISC 


Primary ae A CVSS Source & Patch 
Vendor -- Product Description Published Score Info 
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key 
Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote 
ibm -- attacker to obtain sensitive information when a detailed technical 2021-11-23 5 r 
security_guardium_key_lifecycle_mąeagemessage is returned in the browser. This information could = CONFIRM 
be used in further attacks against the system. IBM X-Force ID: =. 
212786. 
A flaw was found in ImageMagick where it did not properly 
sanitize certain input before using it to invoke convert processes. CVE-2021-3962 
; ; F i This flaw allows an attacker to create a specially crafted image MISC 
imagemagick -- imagemagick that leads to a use-after-free vulnerability when processed by eet? 6.8 MISC 
ImageMagick. The highest threat from this vulnerability is to MISC 
confidentiality, integrity, as well as system availability. 
; : The Images to WebP WordPress plugin before 1.9 does not 
baia pa iae = validate or sanitise the tab parameter before passing it to the 2021-11-23 5 v1 N 
ges_to_ P include() function, which could lead to a Local File Inclusion issue bears 
The Images to WebP WordPress plugin before 1.9 does not have 
imagestowebp_project -- CSRF checks in place when performing some administrative 2021-11-23 58 CVE-2021-24641 
images_to_webp actions, which could result in modification of plugin settings, Hrg MISC 
Denial-of-Service, as well as arbitrary image conversion 
The eCommerce Product Catalog Plugin for WordPress plugin 
implecode -- before 3.0.39 does not escape the ic-settings-search parameter 2021-11-23 4.3 CVE-2021-24875 
ecommerce_product_catalog before outputting it back in the page in an attribute, leading to a = MISC 
Reflected Cross-Site Scripting issue 
CVE-2021-44033 
ai : In lonic Identity Vault before 5.0.5, the protection mechanism for MISC 
ionic- identity. vault invalid unlock attempts can be bypassed. 2021-1119 46 FULLDISC 
MISC 
CVE-2021-3976 
kimai -- kimai_2 kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-19 4.3 MISC 
CONFIRM 
CVE-2021-3957 
kimai -- kimai_2 kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-19 4.3 MISC 
CONFIRM 
CVE-2021-3963 
kimai -- kimai_2 kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-19 4.3 CONFIRM 
MISC 
A code execution vulnerability exists in the 
dwgCompressor::decompress18() functionality of LibreCad CVE-2021-21898 
librecad -- libdxfrw libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can 2021-11-19 6.8 MISC. 
lead to an out-of-bounds write. An attacker can provide a ee 
malicious file to trigger this vulnerability. 
A code execution vulnerability exists in the 
dwgCompressor::copyCompBytes21 functionality of LibreCad CVE-2021-21899 
librecad -- libdxfrw libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can 2021-11-19 6.8 MISC... 
lead to a heap buffer overflow. An attacker can provide a ae 
malicious file to trigger this vulnerability. 
A code execution vulnerability exists in the dxfRW::processLType() 
: ; functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A CVE-2021-21900 
ee BUXI, specially-crafted .dxf file can lead to a use-after-free vulnerability. 202M £8 MISC 
An attacker can provide a malicious file to trigger this vulnerability. 
The MainWP Child WordPress plugin before 4.1.8 does not 
validate the orderby and order parameter before using them in a CVE-2021-24877 
mainwp -- mainwp_child SQL statement, leading to an SQL injection exploitable by high 2021-11-23 6 Hae 
privilege users such as admin when the Backup and Staging by SE 
WP Time Capsule plugin is installed 
OpenSource Moddable v10.5.0 was discovered to contain a heap CVE-2021-29325 
moddable -- moddable buffer overflow in the fx_String_prototype_repeat function at 2021-11-19 6.8 Msc 
/moddable/xs/sources/xsString.c. e 
OpenSource Moddable v10.5.0 was discovered to contain a stack CVE-2021-29329 
moddable -- moddable overflow in the fxBinaryExpressionNodeDistribute function at 2021-11-19 6.8 Msc 
/moddable/xs/sources/xsTree.c. Gaa 
OpenSource Moddable v10.5.0 was discovered to contain a heap CVE-2021-29327 
moddable -- moddable buffer overflow in the fx_ArrayBuffer function at 2021-11-19 6.8 MISC. 
/moddable/xs/sources/xsDataView.c. Pas 
OpenSource Moddable v10.5.0 was discovered to contain a heap 
moddable -- moddable buffer overflow in the fxIDToString function at 2021-11-19 6.8 we 
/moddable/xs/sources/xsSymbol.c. T 
OpenSource Moddable v10.5.0 was discovered to contain a stack CVE-2021-29324 
moddabie= moddapie overflow via the component /moddable/xs/sources/xsScript.c. stelle | 8.8 MISC 
OpenSource Moddable v10.5.0 was discovered to contain buffer 
moddable -- moddable over-read in the fxDebugThrow function at 2021-11-19 | oe |) 
moddable -- moddable | OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c. | 2021-11-19 | 4.3 | 
moodle -- moodle | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. | 2021-11-22 | 4.3 | MISC
moodle -- moodle | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. | 2021-11-22 | 5 | MISC MISC
moodle -- moodle | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk. | 2021-11-22 | 6.8 | MISC
myscada -- mydesigner | mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution. | | 6.8 | CVE-2021-43555 MISC
nvidia -- dgx-1_p100 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data. | 2021-11-20 | 4.9 | CVE-2021-1125 CONFIRM
open-xchange -- ox_app_suite | OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. | | 4.3 | CVE-2021-38375 MISC MISC MISC
open-xchange -- ox_app_suite | OX App Suite 7.10.5 allows XSS via an OX Chat system message. | 2021-11-22 | 4.3 | CVE-2021-33495 MISC MISC MISC
open-xchange -- ox_app_suite | OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. | 2021-11-22 | 4.3 | CVE-2021-33489 MISC MISC MISC
open-xchange -- ox_app_suite | OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. | 2021-11-22 | 4.3 | CVE-2021-33490 MISC MISC MISC
open-xchange -- ox_app_suite | OX App Suite 7.10.5 allows XSS via an OX Chat room name. | 2021-11-22 | 4.3 | CVE-2021-33492 MISC MISC
open-xchange -- ox_app_suite | OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results. | 2021-11-22 | 4.3 | MISC MISC
open-xchange -- ox_app_suite | OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. | 2021-11-22 | 4.3 | CVE-2021-33494 MISC MISC MISC
open-xchange -- ox_app_suite | OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. | 2021-11-22 | 5 | MISC MISC
open-xchange -- ox_app_suite | OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records. | 2021-11-22 | 4 | CVE-2021-33491 MISC MISC MISC
open-xchange -- ox_app_suite | OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can cause a Modified By response to show a person's name. | 2021-11-22 | 4 | MISC MISC
open-xchange -- ox_app_suite | Chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook. | 2021-11-22 | 5.8 | MISC MISC
opendesign -- drawings_sdk | A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2021-11-22 | 6.8 | CVE-2021-43582 MISC
opendesign -- prc_sdk | An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file, can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2021-11-22 | 6.8 | CVE-2021-43581 MISC
oroinc -- client_relationship_management | OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability which could allow an attacker to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package. | 2021-11-19 | 5.8 | CVE-2021-39198 CONFIRM
pekeupload_project -- pekeupload | This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed. | 2021-11-22 | 4.3 | CVE-2021-23673 CONFIRM CONFIRM
pgbouncer -- pgbouncer | When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. | 2021-11-22 | | CVE-2021-3935 MISC MISC
philips -- mri_3t_firmware | Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | 2021-11-19 | 5 | CVE-2021-26262 MISC MISC
qnap -- qmailagent | We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later | | 6.8 | CVE-2021-34358 CONFIRM
qnap -- ragic_cloud_db | A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. | | 4.3 | CVE-2021-38681 CONFIRM
rapid7 -- nexpose | Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by the previous user. | 2021-11-22 | 5 | CVE-2019-5640 CONFIRM
roundcube -- webmail | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. | 2021-11-19 | 4.3 | CVE-2021-44025 MISC MISC MISC MISC FEDORA FEDORA DEBIAN
rwtxt_project -- rwtxt | Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 2021-11-24 | 4.3 | CVE-2021-20848 MISC MISC
saasproject -- booking_package | Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 2021-11-24 | 4.3 | CVE-2021-20840 MISC MISC MISC
sas -- sas/intrnet | SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS. | 2021-11-19 | 5 | CVE-2021-41569 MISC
secomea -- gatemanager_8250_firmware | This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning. | 2021-11-22 | 5 | MISC
ssrf-agent_project -- ssrf-agent | The package ssrf-agent before 1.0.5 is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private. | 2021-11-22 | 5 | CVE-2021-23718 CONFIRM CONFIRM
teampasswordmanager -- team_password_manager | Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import. | 2021-11-19 | 6.8 | MISC
teampasswordmanager -- team_password_manager | Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning. | 2021-11-19 | 5 | CVE-2021-44037 MISC MISC
themeum -- tutor_lms | The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue. | 2021-11-23 | 4.3 | MISC
transloadit -- tusdotnet | The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content. | 2021-11-22 | 4.3 | CVE-2021-44150 MISC
vim -- vim | vim is vulnerable to Use After Free | 2021-11-19 | 6.8 | CVE-2021-3974 FEDORA
vmware -- spring_cloud_netflix | Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution. | 2021-11-19 | 6.5 | CVE-2021-22053 MISC
we-con -- plc_editor | PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. | 2021-11-22 | 6.8 | CVE-2021-42707 MISC
we-con -- plc_editor | PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. | 2021-11-22 | 6.8 | CVE-2021-42705 MISC
windriver -- vxworks | An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free. | 2021-11-24 | 5 | CVE-2021-43268 MISC
wipro -- holmes | The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. | 2021-11-22 | 5 | MISC
wireshark -- wireshark | NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file. | 2021-11-19 | 5 | MISC MISC
wireshark -- wireshark | NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. | 2021-11-19 | 5 | MISC CONFIRM
wireshark -- wireshark | Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. | 2021-11-19 | 5 | MISC MISC
wireshark -- wireshark | Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. | 2021-11-19 | 5 | CONFIRM MISC
wireshark -- wireshark | Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. | 2021-11-19 | 5 | MISC MISC
wireshark -- wireshark | Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file. | 2021-11-19 | 5 | CONFIRM MISC
wireshark -- wireshark | Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. | 2021-11-19 | 5 | MISC CONFIRM
wpo365 -- wordpress_azure_ad_/_microsoft | The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user; the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker. | 2021-11-19 | 4.3 | CVE-2021-43409 MISC MISC
wpwave -- hide_my_wp | WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin. | 2021-11-24 | 5 | CONFIRM MISC
xen -- xen | certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to always be 4 levels deep. However, an IOMMU may require the use of just 3 page table levels. In such a configuration the top level table needs to be stripped before inserting the root table's address into the hardware pagetable base register. When sharing page tables, Xen erroneously skipped this stripping. Consequently, the guest is able to write to leaf page table entries. | 2021-11-21 | 6.9 | CVE-2021-28710 MISC
xml-sitemaps -- unlimited_sitemap_generator | Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operation via a specially crafted web page. | 2021-11-24 | 6.8 | CVE-2021-20845 MISC MISC MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
acurax -- floating_social_media_icon | Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin. | 2021-11-26 | 3.5 | CONFIRM
advanced_access_manager_project -- advanced_access_manager | The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-11-23 | 3.5 | CVE-2021-24830 MISC CONFIRM
awesomesupport -- awesome_support_wordpress_helpdesk_&_support | Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). | 2021-11-26 | 3.5 | CVE-2021-36919 MISC CONFIRM
backupbliss -- backup_migration | Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions. | 2021-11-19 | 3.5 | CVE-2021-36884 CONFIRM CONFIRM
cisco -- common_services_platform_collector | A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. | 2021-11-19 | 2.5 | CVE-2021-40134 CISCO
creativemindssolutions -- video_lessons_manager | The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks. | 2021-11-23 | | CVE-2021-24713 MISC
dell -- emc_cloud_link | Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker may potentially exploit this vulnerability, leading to an application crash. | 2021-11-23 | | CVE-2021-36333 CONFIRM MISC
dell -- emc_powerscale_onefs | Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. | 2021-11-23 | | CVE-2021-21561 CONFIRM
dell -- emc_secure_connect_gateway | Dell EMC SCG 5.00.00.10 and earlier contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. | 2021-11-20 | | CVE-2021-36340 MISC
dell -- networking_os10 | Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages. | 2021-11-20 | | CVE-2021-36319 MISC
django-helpdesk_project -- django-helpdesk | django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-11-19 | | CVE-2021-3950 MISC CONFIRM
edgexfoundry -- app_service_configurable | Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk "AES" transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. The app-functions-sdk exports an "aes" transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user may expect due to a broken implementation. Version v2.1.0 (EdgeX Foundry Jakarta release and later) of app-functions-sdk-go/v2 deprecates the "aes" transform and provides an improved "aes256" transform in its place. The broken implementation will remain in a deprecated state until it is removed in the next EdgeX major release to avoid breakage of existing software that depends on the broken implementation. As the broken transform is a library function that is not invoked by default, users who do not use the AES transform in their processing pipelines are unaffected. Those that are affected are urged to upgrade to the Jakarta EdgeX release and modify processing pipelines to use the new "aes256" transform. | 2021-11-19 | | CVE-2021-41278 MISC CONFIRM
getgrav -- grav-plugin-admin | grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-11-19 | | CVE-2021-3920 MISC CONFIRM
huawei -- ecns280_td_firmware | There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improper storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. | 2021-11-23 | | CVE-2021-37036 MISC
huawei -- imaster_nce-fabric_firmware | There is an XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client. | 2021-11-23 | | CVE-2021-22410 MISC
incsub -- forminator | The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | 2021-11-23 | | CVE-2021-24700 MISC
infornweb -- logo_showcase_with_slick_slider | The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase. | 2021-11-23 | | CVE-2021-24729 MISC
metagauss -- download_plugin | The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed. | 2021-11-23 | | CVE-2021-24703 MISC
microsoft -- clarity | There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page. | 2021-11-19 | | CVE-2021-33850 MISC
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nvidia -- dgx-1_p100 


NVIDIA GPU and Tegra hardware contain a vulnerability in the 


internal microcontroller which may allow a user with elevated 
privileges to gain access to information from unscrubbed registers, 
which may lead to information disclosure. 


2021-11-20 


CVE-2021-34399 
CONFIRM 








nvidia -- dgx-1_p100 


NVIDIA GPU and Tegra hardware contain a vulnerability in the 
internal microcontroller which may allow a user with elevated 
privileges to gain access to information from unscrubbed memory, 
which may lead to information disclosure. 


2021-11-20 


CVE-2021-34400 
CONFIRM 





nvidia -- dgx-1_p100 


NVIDIA GPU and Tegra hardware contain a vulnerability in the 


internal microcontroller which may allow a user with elevated 
privileges to utilize debug mechanisms with insufficient access 
control, which may lead to information disclosure. 


2021-11-20 


CVE-2021-1088 
CONFIRM 








nvidia -- dgx-1_p100 


NVIDIA GPU and Tegra hardware contain a vulnerability in the 
internal microcontroller which may allow a user with elevated 
privileges to access debug registers during runtime, which may 
lead to information disclosure. 


2021-11-20 


CVE-2021-1105 
CONFIRM 





nvidia -- dgx-1_p100 


NVIDIA GPU and Tegra hardware contain a vulnerability in the 


internal microcontroller which may allow a user with elevated 
privileges to access protected information, which may lead to 
information disclosure. 


2021-11-20 


CVE-2021-23219 
CONFIRM 








open-xchange -- ox_app_suite 


The middleware component in OX App Suite through 7.10.5 
allows Code Injection via Java classes in a YAML format. 


2021-11-22 


CVE-2021-33493 
MISC 
MISC 
MISC 





open-xchange -- ox_app_ suite 


OX App Suite through through 7.10.5 allows XSS via a crafted 
snippet that has an app loader reference within an app loader 
URL. 


2021-11-22 


ad tsa N N IN N N 
lon D fui: e po Bass po 


CVE-2021-38374 


MISC 
MISC 
MISC 








philips
Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive
information to an actor not explicitly authorized to have access.
CVE-2021-42744

philips -- mri_3t_firmware
Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who
is outside the intended control sphere to a resource.
2021-11-19
MISC

shimo -- document
Shimo Document v2.0.1 contains a cross-site scripting (XSS)
vulnerability which allows attackers to execute arbitrary web
scripts or HTML via a crafted payload inserted into the table
content text field.
2021-11-22
CVE-2020-22719
MISC

snipeitapp -- snipe-it
snipe-it is vulnerable to Improper Neutralization of Input During
Web Page Generation ('Cross-site Scripting')
CVE-2021-3961





tribulant -- slideshow_gallery 


The Slideshow Gallery WordPress plugin before 1.7.4 does not
sanitise and escape the Slide "Title", "Description", and Gallery
"Title" fields, which could allow high privilege users to perform
Cross-Site Scripting attacks even when the unfiltered_html is
disallowed.


2021-11-23 


CVE-2021-24882 
MISC 





wpdeveloper -- betterlinks 











The BetterLinks WordPress plugin before 1.2.6 does not sanitise
and escape some of the imported link fields, which could lead to
Stored Cross-Site Scripting issues when an admin imports a
malicious CSV.








2021-11-23 













CVE-2021-24812 
MISC

Severity Not Yet Assigned

xen -- xen
guests may exceed their designated memory limit. When a guest is
permitted to have close to 16TiB of memory, it may be able to
issue hypercalls to increase its memory allocation beyond the
administrator established limit. This is a result of a calculation
done with 32-bit precision, which may overflow. It would then only
be the overflowed (and hence small) number which gets
compared against the established upper bound.
2021-11-24
not yet calculated

afreecatv
The vulnerability function is enabled when the streamer service
related to the AfreecaTV communicated through web socket using
21201 port. A stack-based buffer overflow leading to remote code
execution was discovered in strcpy() operate by "FanTicket" field.
It is because of stored data without validation of length.
2021-11-26
not yet calculated
aim
Aim is an open-source, self-hosted machine learning experiment
tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a
path traversal attack. By manipulating variables that reference
files with "dot-dot-slash (../)" sequences and its variations
or by using absolute file paths, it may be possible to access
arbitrary files and directories stored on file system including
application source code or configuration and critical system files.
The vulnerability issue is resolved in Aim v3.1.0.
2021-11-23
not yet calculated
CVE-2021-43775
CONFIRM
MISC
MISC
MISC
MISC

alfasado_inc -- powercms
PowerCMS XMLRPC API of PowerCMS 5.19 and earlier,
PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and
PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker
to execute an arbitrary OS command via unspecified vectors.
2021-11-24
not yet calculated
MISC





amazon_web_service -- iot_devices
Connections initialized by the AWS IoT Device SDK v2 for Java
(versions prior to 1.4.2), Python (versions prior to 1.6.1), C++
(versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did
not verify server certificate hostname during TLS handshake when
overriding Certificate Authorities (CA) in their trust stores on
MacOS. This issue has been addressed in aws-c-io submodule
versions 0.10.5 onward. This issue affects: Amazon Web Services
AWS IoT Device SDK v2 for Java versions prior to 1.4.2 on
macOS. Amazon Web Services AWS IoT Device SDK v2 for
Python versions prior to 1.6.1 on macOS. Amazon Web Services
AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on
macOS. Amazon Web Services AWS IoT Device SDK v2 for
Node.js versions prior to 1.5.3 on macOS. Amazon Web Services
AWS-C-IO 0.10.4 on macOS.
2021-11-23
not yet calculated
CVE-2021-40829
MISC
MISC
MISC
MISC
MISC








amazon_web_ service -- iot_devices 


The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js
appends a user supplied Certificate Authority (CA) to the root CAs
instead of overriding it on Unix systems. TLS handshakes will thus
succeed if the peer can be verified either from the user-supplied
CA or the system's default trust-store. Attackers with access to a
host's trust stores or are able to compromise a certificate authority
already in the host's trust store (note: the attacker must also be
able to spoof DNS in this case) may be able to use this issue to
bypass CA pinning. An attacker could then spoof the MQTT
broker, and either drop traffic and/or respond with the attacker's
data, but they would not be able to forward this data on to the
MQTT broker because the attacker would still need the user's
private keys to authenticate against the MQTT broker. The
`aws_tls_ctx_options_override_default_trust_store_*` function
within the aws-c-io submodule has been updated to override the
default trust store. This corrects this issue. This issue affects:
Amazon Web Services AWS IoT Device SDK v2 for Java versions
prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT
Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix.
Amazon Web Services AWS IoT Device SDK v2 for C++ versions
prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT
Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix.
Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix.


2021-11-23 


not yet 
calculated 


CVE-2021-40830 
MISC 
MISC 
MISC 
MISC 
MISC 








amazon_web_ service -- iot_devices 








The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js
appends a user supplied Certificate Authority (CA) to the root CAs
instead of overriding it on macOS systems. Additionally, SNI
validation is also not enabled when the CA has been "overridden".
TLS handshakes will thus succeed if the peer can be verified
either from the user-supplied CA or the system's default trust-
store. Attackers with access to a host's trust stores or are able to
compromise a certificate authority already in the host's trust store
(note: the attacker must also be able to spoof DNS in this case)
may be able to use this issue to bypass CA pinning. An attacker
could then spoof the MQTT broker, and either drop traffic and/or
respond with the attacker's data, but they would not be able to
forward this data on to the MQTT broker because the attacker
would still need the user's private keys to authenticate against the
MQTT broker. The
`aws_tls_ctx_options_override_default_trust_store_*` function
within the aws-c-io submodule has been updated to address this
behavior. This issue affects: Amazon Web Services AWS IoT
Device SDK v2 for Java versions prior to 1.5.0 on macOS.
Amazon Web Services AWS IoT Device SDK v2 for Python
versions prior to 1.7.0 on macOS. Amazon Web Services AWS
IoT Device SDK v2 for C++ versions prior to 1.14.0 on macOS.
Amazon Web Services AWS IoT Device SDK v2 for Node.js
versions prior to 1.6.0 on macOS. Amazon Web Services
AWS-C-IO 0.10.7 on macOS.











2021-11-23 


not yet 
calculated 








CVE-2021-40831 
MISC 
MISC 
MISC 
MISC 
MISC 
amazon_web_service -- iot_devices
Connections initialized by the AWS IoT Device SDK v2 for Java
(versions prior to 1.3.3), Python (versions prior to 1.5.18), C++
(versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did
not verify server certificate hostname during TLS handshake when
overriding Certificate Authorities (CA) in their trust stores on
Windows. This issue has been addressed in aws-c-io submodule
versions 0.9.13 onward. This issue affects: Amazon Web Services
AWS IoT Device SDK v2 for Java versions prior to 1.3.3 on
Microsoft Windows. Amazon Web Services AWS IoT Device SDK
v2 for Python versions prior to 1.5.18 on Microsoft Windows.
Amazon Web Services AWS IoT Device SDK v2 for C++ versions
prior to 1.12.7 on Microsoft Windows. Amazon Web Services AWS
IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Microsoft
Windows.
2021-11-23
not yet calculated
CVE-2021-40828
MISC
MISC
MISC
MISC
MISC

apache -- jspwiki
Remote attackers may delete arbitrary files in a system hosting a
JSPWiki instance, versions up to 2.11.0.M8, by using a carefully
crafted http request on logout, given that those files are reachable
to the user running the JSPWiki instance. Apache JSPWiki users
should upgrade to 2.11.0 or later.
2021-11-24
not yet calculated
CVE-2021-44140
MISC
MISC

apache -- jspwiki
A carefully crafted plugin link invocation could trigger an XSS
vulnerability on Apache JSPWiki, related to the Denounce plugin,
which could allow the attacker to execute javascript in the victim's
browser and get some sensitive information about the victim.
Apache JSPWiki users should upgrade to 2.11.0 or later.
2021-11-24
not yet calculated
CVE-2021-40369
MISC
MISC

backstage -- backstage
Backstage is an open platform for building developer portals. In
affected versions the auth-backend plugin allows a malicious actor
to trick another user into visiting a vulnerable URL that executes
an XSS attack. This attack can potentially allow the attacker to
exfiltrate access tokens or other secrets from the user's browser.
The default CSP does prevent this attack, but it is expected that
some deployments have these policies disabled due to
incompatibilities. This vulnerability is patched in version `0.4.9`
of `@backstage/plugin-auth-backend`.
2021-11-26
not yet calculated
CVE-2021-43776
CONFIRM
MISC

barcode -- barcode
Barcode is a GLPI plugin for printing barcodes and QR codes.
GLPI instances version 2.x prior to version 2.6.1 with the barcode
plugin installed are vulnerable to a path traversal vulnerability.
This issue was patched in version 2.6.1. As a workaround, delete
the `front/send.php` file.
2021-11-24
not yet calculated
CVE-2021-43778
CONFIRM
MISC
MISC
MISC

basercms -- basercms
BaserCMS is an open source content management system with a
focus on Japanese language support. In affected versions users
with upload privilege may upload crafted zip files capable of path
traversal on the host operating system. This is a vulnerability that
needs to be addressed when the management system is used by
an unspecified number of users. If you are eligible, please update
to the new version as soon as possible.
2021-11-26
not yet calculated
CVE-2021-41279
CONFIRM
MISC

basercms -- basercms
There is a Potential Zip Slip Vulnerability and OS Command
Injection Vulnerability on the management system of baserCMS.
Users with permissions to upload files may upload crafted zip files
which may execute arbitrary commands on the host operating
system. This is a vulnerability that needs to be addressed when
the management system is used by an unspecified number of
users. If you are eligible, please update to the new version as
soon as possible.
2021-11-26
not yet calculated
CVE-2021-41243
CONFIRM
MISC





bitdefender -- 
endpoint_security_tools 


A Server-Side Request Forgery (SSRF) vulnerability in the
EPPUpdateService component of Bitdefender Endpoint Security
Tools allows an attacker to proxy requests to the relay server. This
issue affects: Bitdefender Endpoint Security Tools versions prior to
6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone
6.24.1-1.


2021-11-24 





not yet 
calculated 


CVE-2021-3552 
MISC 








bitdefender -- 
endpoint_security_tools 


Improper Access Control vulnerability in the patchesUpdate API 
as implemented in Bitdefender Endpoint Security Tools for Linux 
as a relay role allows an attacker to manipulate the remote 
address used for pulling patches. This issue affects: Bitdefender 
Endpoint Security Tools for Linux versions prior to 6.6.27.390; 
versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions 
prior to 6.2.21.160. Bitdefender GravityZone versions prior to 
6.24.1-1. 


2021-11-24 


not yet 
calculated 


CVE-2021-3554 
MISC 





bitdefender -- 
endpoint_security_tools 











A Server-Side Request Forgery (SSRF) vulnerability in the
EPPUpdateService of Bitdefender Endpoint Security Tools allows
an attacker to use the Endpoint Protection relay as a proxy for any
remote host. This issue affects: Bitdefender Endpoint Security
Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33.
Bitdefender Unified Endpoint for Linux versions prior to
6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.








2021-11-24 





not yet 
calculated 











CVE-2021-3553 
MISC 
d-link -- dwr-932c


Missing Authentication for Critical Function vulnerability in 
debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an 
unauthenticated attacker to execute administrative actions. 


2021-11-23 


not yet 
calculated 


CVE-2021-42783 


MISC 





d-link -- dwr-932c 


OS Command Injection vulnerability in debug_fcgi of D-Link DWR-
932C E1 firmware allows a remote attacker to perform command
injection via a crafted HTTP request.


2021-11-23 


not yet 
calculated 




CVE-2021-42784 


MISC 





dell -- idrac
Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to
version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An
authenticated remote attacker may potentially exploit this
vulnerability to control process execution and gain access to the
underlying operating system.
2021-11-23
not yet calculated

django -- django-wiki
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored
Cross-Site Scripting (XSS) in Notifications Section. An attacker
who has access to edit pages can inject JavaScript payload in the
title field. When a victim gets a notification regarding the changes
made in the application, the payload in the notification panel
renders and loads external JavaScript.
2021-11-23
not yet calculated
CVE-2021-25986
CONFIRM
MISC

f-secure
A vulnerability affecting F-Secure antivirus engine was discovered
whereby unpacking UPX file can lead to denial-of-service. The
vulnerability can be exploited remotely by an attacker. A
successful attack will result in denial-of-service of the antivirus
engine.
2021-11-26
not yet calculated
CVE-2021-40833
MISC
MISC

gin-vue-admin -- gin-vue-admin
Gin-Vue-Admin before 2.4.6 mishandles a SQL database.
2021-11-24
not yet calculated
CVE-2021-44219
MISC
MISC

hejhome -- gkw-ic052
HejHome GKW-IC052 IP Camera contained a hard-coded
credentials vulnerability. This issue allows remote attackers to
operate the IP Camera (reboot, factory reset, snapshot etc.).
2021-11-26
not yet calculated

hitachi -- multiple_devices
Improper Input Validation vulnerability in the APDU parser in the
Bidirectional Communication Interface (BCI) IEC 60870-5-104
function of Hitachi Energy RTU500 series allows an attacker to
cause the receiving RTU500 CMU of which the BCI is enabled to
reboot when receiving a specially crafted message. By default,
BCI IEC 60870-5-104 function is disabled (not configured). This
issue affects: Hitachi Energy RTU500 series CMU Firmware
version 12.0.* (all versions); CMU Firmware version 12.2.* (all
versions); CMU Firmware version 12.4.* (all versions).
2021-11-26
not yet calculated

huawei -- multiple_products
There is a weak secure algorithm vulnerability in Huawei products.
A weak secure algorithm is used in a module. Attackers can
exploit this vulnerability by capturing and analyzing the messages
between devices to obtain information. This can lead to
information leak. Affected product versions include: IPS Module
V500R005C00SPC100, V500R005C00SPC200; NGFW Module
V500R005C00SPC100, V500R005C00SPC200; Secospace
USG6300 V500R001C30SPC200, V500R001C30SPC600,
V500R001C60SPC500, V500R005C00SPC100,
V500R005C00SPC200; Secospace USG6500
V500R001C30SPC200, V500R001C30SPC600,
V500R001C60SPC500, V500R005C00SPC100,
V500R005C00SPC200; Secospace USG6600
V500R001C30SPC200, V500R001C30SPC600,
V500R001C60SPC500, V500R005C00SPC100,
V500R005C00SPC200; USG9500 V500R001C30SPC200,
V500R001C30SPC600, V500R001C60SPC500,
V500R005C00SPC100, V500R005C00SPC200.
2021-11-23
not yet calculated
CVE-2021-22356
MISC





huawei -- smartphones 


There is an Improper permission vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability may affect
service availability.


2021-11-23 


not yet 
calculated 


CVE-2021-37030 


MISC 





huawei -- smartphones 


There is an Identity verification vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability may affect
service availability.


2021-11-23 


not yet 
calculated 


CVE-2021-37029 


MISC 





huawei -- smartphones 


There is an Improper Input Validation vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
kernel crash.


2021-11-23 


not yet 
calculated 


CVE-2021-37026 


MISC 





huawei -- smartphones 


There is an Improper Input Validation vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
kernel crash.


2021-11-23 


not yet 
calculated 


CVE-2021-37025 


MISC 





huawei -- smartphones 


There is an Improper Input Validation vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
kernel crash.


2021-11-23 


not yet 
calculated 


CVE-2021-37024 


MISC 





huawei -- smartphones 











There is a Data Processing Errors vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
kernel crash.








2021-11-23 





not yet 
calculated 










CVE-2021-37018 


MISC 
huawei -- smartphones
There is an Improper Input Validation vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
the availability of users is affected.
2021-11-23
not yet calculated

huawei -- smartphones
There is an Out-of-bounds Read vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
kernel crash.
2021-11-23
not yet calculated
MISC

huawei -- smartphones
There is a Remote DoS vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
the app to exit unexpectedly.
2021-11-23
not yet calculated

huawei -- smartphones
There is a Bypass vulnerability in Huawei Smartphone. Successful
exploitation of this vulnerability may cause Digital Balance to fail to
work.
2021-11-23
not yet calculated
CVE-2021-37032
MISC

huawei -- smartphones
The affected controllers do not properly sanitize the input
containing code syntax. As a result, an attacker could craft code to
alter the intended controller flow of the software.
2021-11-22
not yet calculated

huawei -- smartphones
There is an Injection attack vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability may affect
service availability.
2021-11-23
not yet calculated

huawei -- smartphones
There is an Improper Input Validation vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
kernel crash.
2021-11-23
not yet calculated
MISC

huawei -- smartphones
There is a Remote DoS vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
the app to exit unexpectedly.
2021-11-23
not yet calculated

huawei -- smartphones
There is a Data Processing Errors vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
kernel crash.
2021-11-23
not yet calculated
MISC

huawei -- smartphones
There is an Improper Input Validation vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
kernel crash.
2021-11-23
not yet calculated
MISC

huawei -- smartphones
There is an Improper Input Validation vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
kernel crash.
2021-11-23
not yet calculated
MISC

huawei -- smartphones
There is an Out-of-bounds Read vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
Information Disclosure or Denial of Service.
2021-11-23
not yet calculated

huawei -- smartphones
There is an Out-of-bounds Read vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
kernel crash.
2021-11-23
not yet calculated
MISC

huawei -- smartphones
There is an Unstandardized field names vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability may affect
service confidentiality.
2021-11-23
not yet calculated

huawei -- smartphones
There is an Exposure of Sensitive Information to an Unauthorized
Actor vulnerability in Huawei Smartphone. Successful exploitation
of this vulnerability will cause the confidentiality of users is
affected.
2021-11-23
not yet calculated
CVE-2021-37010
MISC

huawei -- smartphones
There is an Improper Access Control vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
media files which can be reads and writes in non-distributed
directories on any device on the network.
2021-11-23
not yet calculated
CVE-2021-37023
MISC

huawei -- smartphones
There is a Configuration vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
the confidentiality of users is affected.
2021-11-23
not yet calculated
CVE-2021-37009
MISC

huawei -- smartphones
There is an Improper Input Validation vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
kernel crash.
2021-11-23
not yet calculated
MISC

huawei -- smartphones
There is an Improper Preservation of Permissions vulnerability in
Huawei Smartphone. Successful exploitation of this vulnerability
will cause the confidentiality of users is affected.
2021-11-23
not yet calculated

huawei -- smartphones
There is an Improper Input Validation vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
kernel crash.
2021-11-23
not yet calculated
CVE-2021-37005
MISC

huawei -- smartphones
There is an Improper Input Validation vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
kernel crash.
2021-11-23
not yet calculated
MISC

huawei -- smartphones
There is a Heap-based Buffer Overflow vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability will cause
root permission which can be escalated.
2021-11-23
not yet calculated
ibm -- sterling_connect
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an
inadequate account lockout setting that could allow a remote
attacker to brute force account credentials. IBM X-Force ID:
209507.
2021-11-23
not yet calculated
CVE-2021-38890
CONFIRM
XF

ibm -- sterling_connect
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses
weaker than expected cryptographic algorithms that could allow
an attacker to decrypt highly sensitive information. IBM X-Force
ID: 209508.
2021-11-23
not yet calculated
CVE-2021-38891
CONFIRM
XF

janus-gateway -- janus-gateway
janus-gateway is vulnerable to Improper Neutralization of Input
During Web Page Generation ('Cross-site Scripting')
2021-11-27
not yet calculated
MISC

joeattardi -- emoji-button
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker
component. In affected versions there are two vectors for XSS
attacks: a URL for a custom emoji, and an i18n string. In both of
these cases, a value can be crafted such that it can insert a
`script` tag into the page and execute malicious code.
2021-11-26
not yet calculated
MISC
MISC

kaspersky -- password_manager
A component in Kaspersky Password Manager could allow an
attacker to elevate a process Integrity level from Medium to High.
2021-11-23
not yet calculated
CVE-2021-35052
MISC

keepalived -- keepalived
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently
restrict the message destination, allowing any user to inspect and
manipulate any property. This leads to access-control bypass in
some situations in which an unrelated D-Bus system service has a
settable (writable) property.
2021-11-26
not yet calculated
CVE-2021-44225
MISC
MISC

mcafee -- policy_auditor
A Reflected Cross-Site Scripting vulnerability in McAfee Policy
Auditor prior to 6.5.2 allows a remote unauthenticated attacker to
inject arbitrary web script or HTML via the profileNodeID request
parameters. The malicious script is reflected unmodified into the
Policy Auditor web-based interface which could lead to the
extraction of end user session token or login credentials. These
may be used to access additional security-critical applications or
conduct arbitrary cross-domain requests.
2021-11-23
not yet calculated
CVE-2021-31851
CONFIRM

mcafee -- policy_auditor
A Reflected Cross-Site Scripting vulnerability in McAfee Policy
Auditor prior to 6.5.2 allows a remote unauthenticated attacker to
inject arbitrary web script or HTML via the UID request parameter.
The malicious script is reflected unmodified into the Policy Auditor
web-based interface which could lead to the extract of end user
session token or login credentials. These may be used to access
additional security-critical applications or conduct arbitrary cross-
domain requests.
2021-11-23
not yet calculated
CVE-2021-31852
CONFIRM

microsoft -- azure
Azure Active Directory Information Disclosure Vulnerability
2021-11-24
not yet calculated
CVE-2021-42306
N/A

microsoft -- edge
Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability
2021-11-24
not yet calculated
CVE-2021-43221
N/A

microsoft -- edge
Microsoft Edge (Chromium-based) Spoofing Vulnerability
2021-11-24
not yet calculated
CVE-2021-42308
N/A

microsoft -- edge
Microsoft Edge for iOS Spoofing Vulnerability
2021-11-24
not yet calculated
CVE-2021-43220
N/A

microsoft -- windows
Windows 10 Update Assistant Elevation of Privilege Vulnerability
This CVE ID is unique from CVE-2021-42297.
2021-11-24
not yet calculated
CVE-2021-43211
N/A

microsoft -- windows
Windows 10 Update Assistant Elevation of Privilege Vulnerability
This CVE ID is unique from CVE-2021-43211.
2021-11-24
not yet calculated
CVE-2021-42297
MISC

mitsubishi_electric -- mercari-app
Improper authorization in handler for custom URL scheme
vulnerability in Android App 'Mercari (Merpay) - Marketplace and
Mobile Payments App' (Japan version) versions prior to 4.49.1
allows a remote attacker to lead a user to access an arbitrary
website and the website launches an arbitrary Activity of the app
via the vulnerable App, which may result in Mercari account's
access token being obtained.
2021-11-24
not yet calculated

mitsubishi_electric -- multiple_got2000_series
Improper input validation vulnerability in GOT2000 series GT27
model all versions, GOT2000 series GT25 model all versions,
GOT2000 series GT23 model all versions, GOT2000 series GT21
model all versions, GOT SIMPLE series GS21 model all versions,
and GT SoftGOT2000 all versions allows a remote
unauthenticated attacker to write a value that exceeds the
configured input range limit by sending a malicious packet to
rewrite the device value. As a result, the system operation may be
affected, such as malfunction.
2021-11-23
not yet calculated
CVE-2021-20601
MISC
MISC
MISC

mongodb -- mongodb
An authorized user may trigger an invariant which may result in
denial of service or server exit if a relevant aggregation request is
sent to a shard. Usually, the requests are sent via mongos and
special privileges are required in order to know the address of the
shards and to log in to the shards of an auth enabled environment.
2021-11-24
not yet calculated
octopus -- tentacle


When Octopus Tentacle is installed on a Linux operating system, 
the systemd service file permissions are misconfigured. This could 
lead to a local unprivileged user modifying the contents of the 
systemd service file to gain privileged access. 


2021-11-24 


not yet 
calculated 


CVE-2021-31822 
MISC 








qnap -- viostor 


A command injection vulnerability has been reported to affect 
QNAP device, VioStor. If exploited, this vulnerability allows remote 
attackers to run arbitrary commands. We have already fixed this 
vulnerability in the following versions of QVR: QVR FW 5.1.6 build 
20211109 and later 


2021-11-26 


not yet 
calculated 


CVE-2021-38685 
CONFIRM 








qnap -- viostor 


An improper authentication vulnerability has been reported to 
affect QNAP device, VioStor. If exploited, this vulnerability allows 
attackers to compromise the security of the system. We have 
already fixed this vulnerability in the following versions of QVR: 
QVR FW 5.1.6 build 20211109 and later 


2021-11-26 


not yet 
calculated 


CVE-2021-38686 
CONFIRM 








redash -- redash 


Redash is a package for data visualization and sharing. If an
admin sets up Redash versions 10.0.0 and prior without explicitly
specifying the `REDASH_COOKIE_SECRET` or
`REDASH_SECRET_KEY` environment variables, a default value
is used for both that is the same across all installations. In such
cases, the instance is vulnerable to attackers being able to forge
sessions using the known default value. This issue only affects
installations where the `REDASH_COOKIE_SECRET` or
`REDASH_SECRET_KEY` environment variables have not been
explicitly set. This issue does not affect users of the official
Redash cloud images, Redash's Digital Ocean marketplace
droplets, or the scripts in the `getredash/setup` repository. These
instances automatically generate unique secret keys during
installation. One can verify whether one's instance is affected by
checking the value of the `REDASH_COOKIE_SECRET`
environment variable. If it is
`c292a0a3aa32397cdb050e233733900f`, one should follow the steps
to secure the instance, outlined in the GitHub Security Advisory.


2021-11-24 


not yet 
calculated 


CVE-2021-41192 
CONFIRM 
MISC 








redash -- redash 


Redash is a package for data visualization and sharing. In Redash
version 10.0 and prior, the implementation of Google Login (via
OAuth) incorrectly uses the `state` parameter to pass the next
URL to redirect the user to after login. The `state` parameter
should be used for a Cross-Site Request Forgery (CSRF) token,
not a static and easily predicted value. This vulnerability does not
affect users who do not use Google Login for their instance of
Redash. A patch in the `master` and `release/10.x.x` branches
addresses this by replacing `Flask-Oauthlib` with `Authlib` which
automatically provides and validates a CSRF token for the state
variable. The new implementation stores the next URL on the user
session object. As a workaround, one may disable Google Login
to mitigate the vulnerability.


2021-11-24 


not yet 
calculated 


CVE-2021-43777 
CONFIRM 
MISC 











redash -- redash
Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of publication, the `master` and `release/10.x.x` branches address this by applying the Advocate library for making HTTP requests instead of the requests library directly. Users should upgrade to version 10.0.1 to receive this patch. There are a few workarounds for mitigating the vulnerability without upgrading. One can disable the vulnerable data sources entirely, by adding the following env variable to one's configuration, making them unavailable inside the webapp. One can switch any data source of certain types (viewable in the GitHub Security Advisory) to be 'View Only' for all groups on the Settings > Groups > Data Sources screen. For users unable to update, an admin may modify Redash's configuration through environment variables to mitigate this issue. Depending on the version of Redash, an admin may also need to run a CLI command to re-encrypt some fields in the database. The `master` and `release/10.x.x` branches as of time of publication have removed the default value for `REDASH_COOKIE_SECRET`. All future releases will also require this to be set explicitly. For existing installations, one will need to ensure that explicit values are set for the `REDASH_COOKIE_SECRET` and `REDASH_SECRET_KEY` variables.
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-43780 (CONFIRM, MISC)

sophos -- hitmanpro_alert
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.
Published: 2021-11-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-25269 (CONFIRM)

sophos -- sophos
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
Published: 2021-11-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-36807 (CONFIRM)

symfony -- symfony
Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember Me cookie in version 5.3.0, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed, as long as they have had the chance to log in once and obtain a valid Remember Me cookie. Starting with version 5.3.12, Symfony makes the password part of the signature by default, so that when the password changes, the cookie is no longer valid.
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-41268 (CONFIRM, MISC, MISC, MISC)

symfony -- symfony
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2, maintainers added support for the `X-Forwarded-Prefix` header, but this header was accessible in SubRequest even if it was not part of the "trusted_headers" allowed list. An attacker could leverage this opportunity to forge requests containing an `X-Forwarded-Prefix` header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the `X-Forwarded-Prefix` header is not forwarded to subrequests when it is not trusted.
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-41267 (CONFIRM, MISC, MISC, MISC)

symfony -- symfony
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula injection. In Symfony 4.1, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder`, to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\t`. Since then, OWASP added 2 chars to that list: Tab (0x09) and Carriage return (0x0D). This makes the previous prefix char (Tab `\t`) part of the vulnerable characters, and OWASP suggests using the single quote `'` for prefixing the value. Starting with versions 4.4.34 and 5.3.12, Symfony now follows the OWASP recommendations and uses the single quote `'` to prefix formulas, and adds the prefix to cells starting with `\t` and `\r` as well as `=`, `+`, `-` and `@`.
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-41270 (MISC, CONFIRM, MISC, MISC)

synapse -- synapse
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. The last 2 directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact. Homeservers with the media repository disabled are unaffected. Homeservers with a federation whitelist are also unaffected, since Synapse will check the remote hostname, including the trailing `..`s, against the whitelist. Server administrators should upgrade to 1.47.1 or later. Server administrators using a reverse proxy could, at the expense of losing media functionality, block certain endpoints as a workaround. Alternatively, non-containerized deployments can be adapted to use the hardened systemd config.
Published: 2021-11-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-41281 (MISC, CONFIRM, MISC)

snyk -- snyk
This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can be at least partially controlled by a user, they will be in a position to execute arbitrary OS commands on the host system.
Published: 2021-11-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-23732 (CONFIRM)

snyk -- snyk
This affects all versions of package html-to-csv. When there is a formula embedded in an HTML page, it gets accepted without any validation and is pushed unchanged when converting it into a CSV file. Through this, a malicious actor can embed or generate a malicious link or execute commands via CSV files.
Published: 2021-11-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-23654 (CONFIRM, CONFIRM)

tightvnc -- viewer
Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.
Published: 2021-11-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-42785 (MISC)

Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

[vendor -- product illegible in source]
ARK library allows attackers to execute remote code via the parameter (path value) of the Ark_NormalizeAndDupPAthNameW function because of an integer overflow.
Published: 2021-11-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-26615 (MISC)

unifi -- protect
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user's account. This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later.
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-22957 (MISC)

vmware -- vsphere_web_client
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-21980 (MISC)

vmware -- vsphere_web_client
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-22049 (MISC)

wordpress -- wordpress
The ImageBoss WordPress plugin before 3.0.6 does not sanitise and escape its Source Name setting, which could allow high privilege users to perform Cross-Site Scripting attacks.
Published: 2021-11-23 | CVSS Score: [illegible in source] | Source & Patch Info: [illegible in source]

wordpress -- wordpress
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.
Published: 2021-11-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-44223 (MISC, MISC)

wordpress -- wordpress
The Elementor Website Builder WordPress plugin before 3.1.4 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.
Published: 2021-11-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-24891 (MISC, MISC)

wordpress -- wordpress
Insecure Direct Object Reference in the edit function of Advanced Forms (Free & Pro) before 1.6.9 allows an authenticated remote attacker to change an arbitrary user's email address and request a password reset, which could lead to takeover of the WordPress administrator account. To exploit this vulnerability, an attacker must register to obtain a valid WordPress user and use that user to authenticate with WordPress in order to reach the vulnerable edit function.
Published: 2021-11-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-24892 (MISC, MISC)

wordpress -- wordpress
The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service in the review section when an authenticated user submits such a rating and the reviews are set to be displayed on the post/page.
Published: 2021-11-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-24894 (CONFIRM, MISC)

xen -- xen
issues with partially successful P2M updates on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.)
Published: 2021-11-24 | CVSS Score: [illegible in source] | Source & Patch Info: CVE-2021-28705 (source type illegible in source)

xen -- xen
PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix for both of these issues.) In addition, handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2).
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-28704 (MISC)

xen -- xen
PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix for both of these issues.) In addition, handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2).
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-28707 (MISC)

xen -- xen
PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix for both of these issues.) In addition, handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2).
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-28708 (MISC)

xen -- xen
issues with partially successful P2M updates on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.)
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-28709 (MISC)

yamaha -- multiple_routers
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-20844 (MISC, MISC, MISC, MISC)

yamaha -- multiple_routers
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-20843 (MISC)

zoom -- client_for_meetings
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-34423 (MISC)

zoom -- client_for_meetings
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory.
Published: 2021-11-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-34424 (MISC)

zyxel -- multiple_firmware
A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect to the device, or if the remote assistance feature had been enabled by an authenticated user.
Published: 2021-11-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-35033 (CONFIRM)